I'm waiting for redhat to release updates for php on as3. I can't find anything about it on bugzilla or errata. Does anyone know if as3's vulnerable? This is "highly critical". Also, is there a better ("security" maybe) list to send this to?
Thank You,
jeff
http://secunia.com/advisories/13481/
TITLE: PHP Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA13481
VERIFY ADVISORY: http://secunia.com/advisories/13481/
CRITICAL: Highly critical
IMPACT: Security Bypass, Exposure of sensitive information, Privilege escalation, System access
WHERE:
From remote
SOFTWARE: PHP 5.0.x http://secunia.com/product/3919/ PHP 4.3.x http://secunia.com/product/922/
DESCRIPTION: Multiple vulnerabilities have been reported in PHP, which can be exploited to gain escalated privileges, bypass certain security restrictions, gain knowledge of sensitive information, or compromise a vulnerable system.
1) An integer overflow in the "pack()" function can be exploited to cause a heap-based buffer overflow by passing some specially crafted parameters to the function.
Successful exploitation bypasses the safe_mode feature and allows execution of arbitrary code with the privileges of the web server.
2) An integer overflow in the "unpack()" function can be exploited to leak information stored on the heap by passing specially crafted parameters to the function.
In combination with the first vulnerability, this may also allow bypassing of heap canary protection mechanisms.
3) An error within safe_mode when executing commands can be exploited to bypass the safe_mode_exec_dir restriction by injecting shell commands into the current directory name.
Successful exploitation requires that PHP runs on a multi-threaded Unix web server.
4) An error in safe_mode combined with certain implementations of "realpath()" can be exploited to bypass safe_mode via a specially crafted file path.
5) An error within the handling of file paths may potentially lead to file inclusion vulnerabilities. The problem is that "realpath()", which in some implementations truncate filenames, is used in various places to obtain the real path of a file.
6) Various errors within the deserialization code can be exploited to disclose information or execute arbitrary code via specially crafted strings passed to the "unserialize()" function.
7) An unspecified error in the "shmop_write()" function may result in an attempt to write to an out-of-bounds memory location.
8) An unspecified error in the "addslashes()" function causes it to not escape "\0" correctly.
9) An unspecified boundary error exists in the "exif_read_data()" function when handling long section names.
10) An unspecified error within "magic_quotes_gpc" may allow a one-level directory traversal when uploading files.
NOTE: Other potential security issues have also been reported.
SOLUTION: Update to version 4.3.10 or 5.0.3. http://www.php.net/downloads.php
PROVIDED AND/OR DISCOVERED BY: 1-6) Stefan Esser 6) Martin Eiszner 7-10) Reported by vendor.
ORIGINAL ADVISORY: PHP: http://www.php.net/release_4_3_10.php
Stefan Esser: http://www.hardened-php.net/advisories/012004.txt
----------------------------------------------------------------------
About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
----------------------------------------------------------------------
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
